Cybersecurity

October 22, 2020
By Julianne Simpson
Katie Arrington, chief information security officer for Acquisition and Sustainment, U.S. Department of Defense, says there’s no point in developing software if it’s not secure, during a webinar on securing the federal software supply chain.

Anyone moving through the ecosystem of software development and cyber over the last few decades has heard cool words to describe it: Waterfall, Cobalt, Agile, DevOps and now DevSecOps.

DevSecOps may be the latest term but the idea behind it remains constant: Security should be a priority from the start.

October 1, 2020
By Robert Hoffman
Marines with Marine Corps Forces Cyberspace Command work in the cyber operations center at Lasswell Hall, Fort Meade, Maryland. MARFORCYBER Marines conduct offensive and defensive cyber operations in support of U.S. Cyber Command and operate, secure and defend the Marine Corps Enterprise Network. Credit: Staff Sgt. Jacob Osborne, USMC

Automation software tools are being under-utilized, especially in the U.S. Defense Department. While the department has purchased and used automated scanning tools for security and compliance, it has been slow to adopt automation for many other tasks that would benefit from the capability, such as easing software deployment and standardization and, once developed, increasing the speed of overall automation.

October 1, 2020
By Kimberly Underwood
As the deadly COVID-19 virus spread around the world, so did the attacks from malicious cyber actors, taking advantage of the unsure times, say experts from leading cybersecurity firms. Credit: Shutterstock/VK Studio

While the world was facing the rapid and deadly spread of the severe acute respiratory syndrome coronavirus 2, most commonly known as COVID-19, malicious cyber attackers were also at work, increasing the number of attacks, switching methods, taking advantage of the boom in Internet, network and email users, and playing on fears during the uncertain time, cybersecurity experts say. Companies struggling to maintain operations are still leaving gaps in digital security, they warn.

October 13, 2020
By Julianne Simpson
Credit: SailPoint

Many agencies today lack a way to effectively and securely govern access across multicloud environments. Though the use of multiple cloud platforms such as AWS, Azure and Google give agencies the freedom to match the requirements of each use case to the unique strengths of each cloud platform, it also leaves businesses vulnerable to the risks and costs of noncompliance, cyber attacks and human error.

Lack of governance can also stifle productivity and growth—if users can’t get the access they need when they need it, work doesn’t get done. Managing who has access to what and with which privileges is a major challenge in the cloud due to rapid change and its large scale.

October 1, 2020
By Joseph Mitola III
Senior Airman Daniel M. Davis, USAF, 9th Communications Squadron information system security officer, looks at a computer in the cybersecurity office on Beale Air Force Base. Cybersecurity airmen must manage more than 1,100 controls to maintain the risk management framework. Credit: U.S. Air Force photo by Airman Jason W. Cochran

Users need to transition all networked computing from the commercial central processing unit addiction to pure dataflow for architecturally safe voting machines, online banking, websites, electric power grids, tactical radios and nuclear bombs. Systems engineering pure dataflow into communications and electronic systems can protect them. The solutions to this challenge are in the users’ hands but are slipping through their fingers. Instead, they should grab the opportunity to zeroize network attack surfaces.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

September 25, 2020
By Maryann Lawlor
Enterprisewide Risk Management (ERM) consists of the formal identification of major risks to the organization’s mission.

Cybersecurity is now a significant area of focus and concern for senior leaders who have witnessed cyber events that have resulted in significant financial and reputational damage. However, for many organizations, data defense continues to be a technology-focused effort managed by the technical “wizards.” Board of director discussions often zero in on describing the latest cyber threats rather than taking a long-range approach.

But cybersecurity is more than a technical challenge. Enterprise risk management (ERM) is an effective tool to assess risks, including those with cyber origins, but few businesses or agencies use the technique for this purpose, cyber experts assert.

September 16, 2020
By Maryann Lawlor
Bryan Ware (top l) and Jeff Reed (bottom) discussed some of the global shifts in cybersecurity requirements. The two shared their observations during a panel moderated by Jon Check, cyber protection solutions, intelligence and space unit, Raytheon, during the Billington Cybersecurity Summit.

COVID-19 has done more than increase hand-washing and mask-wearing. It has meant an entirely new way of communicating and collaborating. Those on the front lines say some of these changes are here to stay and will last much longer than the pandemic simply because they are more efficient ways to do business.

September 9, 2020
By Shaun Waterman
A GPS III satellite circles the earth. Photo Credit: United States Government, GPS.Gov

​​On both sides of the Atlantic, NATO and European leaders are struggling to address the threat posed to vital space systems by foreign hackers, cyber warfare and online espionage. Huge swathes of the global economy are utterly dependent on orbital capabilities like GPS that look increasingly fragile as space becomes more crowded and contested.

August 1, 2020
By Robert K. Ackerman

The COVID-19 pandemic brings with it a new set of cyber vulnerabilities built around lifestyle changes throughout society, and these vulnerabilities cry out for new means of cyber resiliency. “It’s quite possible that historians will remember COVID-19 as one of the very important civilizational turning points,” says Alexander Kott, chief scientist of the Army Research Laboratory and Army ST for cyber resilience. “COVID-19 is acting as a forcing function. It forces us to accelerate the transition to a more virtual society than we were before, and it is accelerating the trend that was occurring before COVID-19 but was happening more slowly and less noticeably.”

July 21, 2020
 

Enterprise modernization of the Navy's networks and systems is finally underway. Set to impact hundreds of thousands of uniformed and civilian users, it will consolidate many outsourced network service delivery mechanisms across the entire Department of the Navy (DON). The initiative aims to transform how services are delivered, provide a dramatically improved end user experience, and enable critical innovations long needed to accelerate the DON’s mission.

July 20, 2020
Posted by Julianne Simpson
Vince Urias, Sandia National Laboratories computer scientist, will pitch cybersecurity tools to potential investors at a special Department of Energy event. Photo by Randy Montoya

Two Sandia National Laboratories computer scientists are earning national recognition for cybersecurity platforms they developed. Adrian Chavez and Vince Urias will pitch their software to investors, entrepreneurs and prospective customers during the Cybersecurity Technology Virtual Showcase, which runs July 21-30 and is sponsored by the U.S. Department of Energy.

Combined, Chavez and Urias led the creation of four of the technologies to be showcased.

July 15, 2020
By George I. Seffers
U.S. Defense Department officials intend to complete an initial zero trust architecture by year's end to improve cybersecurity, according to Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency.

The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.

Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

July 14, 2020
By George I. Seffers
Lt. Gen. Bruce Crawford, USA, the Army's soon-to-retire CIO/G-6, attends a working lunch during the Joint Warfighting Assessment on Joint Base Lewis-McChord, Wash., May 1, 2019. The CIO said during the Army’s virtual 2020 Signal Conference hosted by AFCEA that the time is right for the service to split the CIO and G-6 offices. Credit: Sgt. Torrance Saunders

The U.S. Army’s near future will include an increased focus on adopting “zero trust” cybersecurity practices, better protecting its network endpoints and consolidating its plethora of cloud computing contracts, according to Lt. Gen. Bruce Crawford, the Army’s outgoing CIO/G-6. It also will likely include tightening defense budgets.

The general indicated during a keynote address for the Army’s virtual 2020 Signal Conference, which is hosted by AFCEA, that the 2021 fiscal year “is going to be all about driving on priorities.”

July 14, 2020
By Kimberly Underwood
Put simply, zero trust architecture (ZTA) is a "standard security door, and it’s a door that we can put in front of any application on our networks,” says Col. James Lotspeich, USAF, chief technology officer, Air Combat Command (ACC), Directorate of Cyberspace and Information Dominance (A6). The ACC is pursuing two ZTA pilot programs to improve cybersecurity. Credit: Shutterstock/Gomolach

The U.S. Air Force is experimenting with a zero trust strategy to provide additional digital protections. Zero trust architecture offers a higher level of cybersecurity, through limited per-session access, continuous monitoring, endpoint security and monitoring of network conversations, explained Col. James Lotspeich, USAF, chief technology officer, Air Combat Command (ACC), Directorate of Cyberspace and Information Dominance (A6).

Col. Lotspeich spoke about the ACC’s zero trust architecture efforts during AFCEA Tidewater’s July 2 virtual luncheon.

July 1, 2020
By Allison Annick
After serving in the U.S. Navy during World War II, Grace Hopper remained in the naval reserve. In 1952, her team at Remington Rand created the first compiler for computer languages, which was a precursor for COBOL. In this 1960 report, Hopper stands next to a mainframe computer that ran using COBOL. Courtesy of the Computer History Museum

At 61 years old, the common business-oriented language is the same age as many college kids’ parents. The coding language had its own exhibit in the Smithsonian National Museum of American History in 2013. Many in the industry now call it a “legacy language,” but its continued, widespread use tells a different story.

July 1, 2020
By Stephen Wood
Devices such as copiers have been updated with Internet connectivity, creating a potential risk as an entry point to the network. Credit: Andrey_Popov/Shutterstock

In the past two years, hackers have increasingly targeted Internet of Things devices to breach cybersecurity defenses. Because these devices are frequently not patched when software flaws are found, they represent a soft target for attackers. In 2017, 15 percent of all successful attacks exploited one of these device’s beachheads. By 2019, that number increased to 26 percent of all incidents with growth expected to continue, according to a recent analysis performed by Ponemon Institute.

July 1, 2020
By Capt. Alex M. Roberts, USAF
U.S. Marines with 8th Communication Battalion, II Marine Expeditionary Force Information Group, collaborate as part of Team Spartan during Cyber Fury 2020. Cyber Fury is an annual training exercise that allows Marines to simulate a series of cyberspace attacks by identifying and countering them. Credit: Lance Cpl. Haley McMenamin, USMC

With the 2020 election fast approaching and tensions with Iran continually shifting, many people are looking to U.S. Cyber Command to help ensure cybersecurity. The command faces an uphill battle because the current construct allows each service branch to retain tactical command of its organic cyber experts. To be more successful in the cyberspace domain, the command needs to take over tasking authority for all cyber-related units, establish a standardized joint cyber schoolhouse and establish a Joint Cyber Operations Command to perform joint, effects-driven cyber operations.

June 25, 2020
 

ASIRTek Federal Services LLC, San Antonio, Texas, has been awarded a $78,000,000 firm-fixed-price contract for information security support services.  This contract provides for proactive support of the foundational pillars of this requirement, which are cybersecurity improvement initiatives and cybersecurity support. Work will be performed at Joint Base San Antonio-Lackland, Texas. Additional on-site support locations may include Joint Base Langley-Eustis, Virginia; Robins Air Force Base, Georgia; Tyndall AFB, Florida; Randolph AFB, Texas; and Davis-Monthan AFB, Arizona.  Work is expected to be completed June 28, 2025. This award is the result of a competitive acquisition with 24 offers received.

June 12, 2020
 

ICF Inc. LLC, Fairfax, Virginia, was awarded a $13,444,607 modification (P00036) to contract W911QX-17-C-0018 to extend mission critical defense cyber operation services provided by ICF. Work will be performed in Adelphi, Columbia, Fort Meade, and Aberdeen Proving Ground, Maryland; Fort Belvoir, Virginia; San Antonio, Texas; and Colorado Springs, Colorado, with an estimated completion date of December 15, 2020. Fiscal year 2020 research, development, test and evaluation, Army funds in the amount of $13,444,607 were obligated at the time of the award. U.S. Army Contracting Command, Aberdeen Proving Ground, Maryland, is the contracting activity.

Pages